Sharing Google Consent with iframes (part 1)

This article is based on the one I posted here: fetch the most recent status of Google Consent storages, from a website page. My solution hasn’t come into play….until few days ago, when I had the opportunity to use it.

The context is one of the worst we Analytics Developers can have to work with, the cross-site iframe (nightmare!). As you probably know, the different origin of this kind of embedded contents is disliked by modern browsers, making the data consistency between parent and child windows very hard. However, this is not an article on this appalling topic (Simo Ahava took courage and wrote this great post about it), this article describes why and how to pass the most recent Google Consent Mode status (for analytics_storage and ad_storage, only) to the iframe itself.

Why ? Let’s start here. My iframe was part of the conversion journey, the final and most important part, indeed. It includes a lead generation form. The iframe is on a third-party domain but luckily it needed no persistence of Google Analytics identification (it’s a single-form-page)*, so I just had to append the required identifiers to the iframe source URL, without cookies, to keep data consistency between the parent website and the iframe itself (if your iframe includes multiple pages, you need another way to make it work, and this article won’t suit you* — go back to Simo Ahava’s post I linked above). Ok but…why Google Consent ?

Because my iframe is part of the same Google Tag Manager setup, active in the parent website, and the conversion tags firing in it (Google Analytics and Google Ads) should inherit the most recent consent status of analytics_storage and ad_storage (in my case). In this way, the tags will behave according with the consents the user sets before entering the iframe:

How? You can leverage the common GTM setup building the following main elements (in priority order):

1. A custom JavaScript variable that: a) makes use of my consentStatus function to fetch the last consents in the page which includes the iframe, b) based on consentStatus outputs, it defines an aggregated value (e.g “111”) that will be assigned to the GET parameter (e.g “consent”) passed to the iframe source URL. The idea is to aggregate the analytics_storage and ad_storage consents all together, in the same way Google does (e.g. “111” means granted for both).
2. A custom HTML tag that fires in the page with the iframe, preferably on your Consent Management Platform’s event for consent update, and that will handle the appending of additional GET parameters to the iframe source URL. These additional parameters are: “consent”, taking value from the custom variable (1), and “_ga”, essential for keeping data consistency (user and session) between the parent and iframe windows. The “_ga” creation is another interesting topic I will share with you in a future post (it will be on the usage of Promise JS API…). The way you code the parameters appending, in this custom HTML tag, is up to you. I used jQuery because it’s straightforward and existing in my website.
3. Two custom RegEx Table variables to be used inside the iframe. Their task is to disaggregate the “consent” parameter value (e.g “111”) into the analytics_storage and ad_storage consent statuses (in this example, “granted” for both). These variables will be based on another custom variable (URL — query type) grabbing the “consent” parameter from the iframe source.
4. A Consent Mode tag (Simo Ahava’s template) set as Default. This tag, to be used inside the iframe as well, will be initiated at the “Consent Initialisation” default trigger, assigning the default statuses to analytics_storage and ad_storage, based on the RegEx Table variables (3). This will be the final step for the Google Consent transfer to the iframe, as this will be set on the parent website consents, and all its tags will behave accordingly.

There are other minor things you will have to take care of, in GTM, but these are the four main building-blocks you need to make the Google Consent sharing works. I don’t go into details in this article, otherwise it would be longer, so I will post a second part very soon. Thanks for reading and stay tuned !

* As specified on top of the article, these guidelines apply to a “single-page-application” iframe, that doesn’t need persistence of Google Analytics identification (because there is no multiple pages navigation).